The Federal Bureau of Investigation (FBI) has issued a public service announcement concerning ongoing attacks on WordPress websites, which are being carried out by individuals sympathetic to the Islamic State in the Levant (ISIL), a.k.a. Islamic State of Iraq and al-Shams (ISIS), through a vulnerability in the WordPress content management system.
According to the researchers, by exploiting the vulnerabilities an attacker could install malicious software, manipulate data, or create new accounts with full user privileges, resulting in the attacker gaining unauthorized access, injecting scripts, bypassing security restrictions, and stealing cookies from computer systems or network servers.
The attackers did not target websites by name or business type. They used common WordPress plug-in vulnerabilities, which can be easily exploited by common hacking tools.
These are the steps the FBI recommends if your website has been targeted:
1) Review and follow WordPress guidelines:
http://codex.wordpress.org/Hardening_WordPress
2) Identify WordPress vulnerabilities using freely available tools such as:
http://www.securityfocus.com/bid
http://cve.mitre.org/index.html
https://www.us-cert.gov/
3) Update WordPress by patching vulnerable plugins:
https://wordpress.org/plugins/tags/patch
4) Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack.
5) Confirm that the operating system and all applications are running the most up-to-date versions.